• Cybersecurity News

Siemens has disclosed a critical heap-based buffer overflow vulnerability (CVE-2024-49775) in its User Management Component (UMC), a core element integrated into several of its products. If exploited, ... Read more

• TheCyberThrone

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.CVE-2024-12356: Command Injection Vulnerability in BeyondTrust PRA and RSO ... Read more

• Dark Reading

Source: ZUMA Press, Inc. via Alamy Stock PhotoA critical, stubborn new vulnerability in Apache Struts 2 may be under active exploitation already, and fixing it isn't as simple as downloading a patch.S ... Read more

• TheCyberThrone

Fortinet has released patches for vulnerabilities affecting its popular products, including FortiClient VPN, FortiManager, and FortiWLM. These flaws range from password exposure to remote code executi ... Read more

• The Register

A critical security hole in Apache Struts 2 – patched last week – is currently being exploited using publicly available proof-of-concept (PoC) code. Struts is a Java-based web application framework wi ... Read more

• BleepingComputer

A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices. Apache Struts is an open-so ... Read more

• TheCyberThrone

The Clop ransomware gang has recently claimed responsibility for a series of sophisticated data theft attacks targeting Cleo, a prominent provider of managed file transfer software. These attacks expl ... Read more

• TheCyberThrone

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the weeks ending Saturday, November 30, 2024.Jenkins fixes multiple ... Read more

• TheCyberThrone

The US CISA adds Cleo vulnerability to its Known Exploited Vulnerabilities Catalog based on the evidence of active exploitation reported.Security vendor Huntress was the first to publicize the attacks ... Read more

• TheCyberThrone

GitLab has released a crucial security update to address multiple vulnerabilities impacting various versions of its platform. This update, applicable to versions 17.6.2, 17.5.4, and 17.4.6 for both Co ... Read more

• security.nl

Een kritieke kwetsbaarheid in Apache Struts 2 maakt remote code execution mogelijk en overheidsinstanties roepen beheerders en organisaties op om de beschikbaar gestelde beveiligingsupdate te installe ... Read more

• TheCyberThrone

Apache Struts framework has been detected with a critical vulnerability that could allow attackers to execute malicious code remotely, posing a significant risk to affected systems.The vulnerability t ... Read more

• TheCyberThrone

A critical vulnerability identified has been discovered in the Splunk Secure Gateway app, affecting various versions of Splunk Enterprise and the Splunk Cloud Platform.The vulnerability tracked as CVE ... Read more

• The Register

We now know the remote code execution vulnerability in Apache Struts 2 disclosed back in November carries a near-maximum severity rating following the publication of the CVE. According to the National ... Read more

• Cybersecurity News

Developers using the popular Apache Struts framework are urged to update their systems immediately following the discovery of a critical security flaw (CVE-2024-53677, CVSS 9.5) that could allow attac ... Read more

• TheCyberThrone

Cybersecurity researchers at Oasis Security have discovered a significant vulnerability in Microsoft’s Multi-Factor Authentication (MFA) system, which they have named AuthQuake.This vulnerability allo ... Read more

• TheCyberThrone

The Apache Software Foundation has announced the release of Apache Superset 4.1.0 with several bug fixes that could potentially allow attackers to bypass security controls, access sensitive data, and ... Read more

• TheCyberThrone

Google has released updates for its Chrome browser, addressing several security vulnerabilities, including two important vulnerabilities.The first vulnerability tracked as CVE-2024-12381 with a CVSSv3 ... Read more

• TheCyberThrone

The US CISA adds Microsoft vulnerability to its Known Exploited Vulnerabilities Catalog based on the evidence of active exploitation.The vulnerability tracked as CVE-2024-49138 with a CVSS score of 7. ... Read more

• Cybersecurity News

Ivanti, a leading provider of IT management and security solutions, has released critical security updates for the Ivanti Cloud Services Application (CSA). These updates address vulnerabilities that c ... Read more

• TheCyberThrone

A critical use-after-free vulnerability, tracked as CVE-2024-38193 with a CVSS score of 7.8, has been discovered in the afd.sys Windows driver that allows attackers to escalate privileges and execute ... Read more

• TheCyberThrone

The Django team has released Django 5.1.4, Django 5.0.10, and Django 4.2.17 versions to address two security vulnerabilities.The first vulnerability tracked as CVE-2024-53907 with a CVSS score of 7.5 ... Read more

• Cybersecurity News

A critical security vulnerability has been discovered in the popular WordPress plugin, WP Umbrella, which is used by over 30,000 websites. The flaw, identified as CVE-2024-12209 and assigned a CVSS sc ... Read more

• TheCyberThrone

SonicWall has released patches for several (six) vulnerabilities impacting its SMA 100 series SSL-VPN products. These flaws range from path traversal issues inherited from the Apache HTTP Server to cr ... Read more

• Cybersecurity News

The notorious Black Basta ransomware group is back, employing sophisticated social engineering tactics and deploying advanced malware payloads in their latest campaign. According to a detailed analysi ... Read more

• TheCyberThrone

SailPoint IdentityIQ has been affected by a critical vulnerability, that could allow sensitive data exposureThe vulnerability tracked as CVE-2024-10905 with a CVSS score of 10.0, stems from improper a ... Read more

• TheCyberThrone

The CISA has warned about a critical vulnerability in CyberPanel tracked as CVE-2024-51378, is being actively exploited by attackers to deploy ransomware and added to the known exploited vulnerability ... Read more

• TheCyberThrone

Security researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785 with a CVSS score of 9.8, a critical remote code execution vulnerability affecting Progress WhatsUp Gold,A critic ... Read more

• TheCyberThrone

Google has released patches for a high severity vulnerability in its popular  Chrome web browser residing within the V8 JavaScript engine and allow attackers to execute arbitrary code on users’ system ... Read more

• TheCyberThrone

The US CISA has added the below vulnerabilities to its Known Exploited Vulnerabilities Catalog based on the evidence of active exploitation.CVE-2023-45727 Tracked as CWE-611, North Grid Proself Enterp ... Read more

• TheCyberThrone

IBM has  released patches for multiple vulnerabilities, that could lead to a remote code execution to hard-coded credentials and privilege escalation that potentially compromising sensitive data and d ... Read more